May 2017
Intermediate to advanced
416 pages
21h 33m
English
The HTTP methods TRACE, CONNECT, PUT, and DELETE might present a security risk, and they need to be tested thoroughly if supported by a web server or application.
TRACE makes applications susceptible to Cross-Site Tracing (XST) attacks and could lead to attackers accessing cookies marked as httpOnly. The CONNECT method might allow the web server to be used as an unauthorized web proxy. The methods PUT and DELETE can change the contents of a folder, and this could obviously be abused if the permissions are not set properly.
You can learn more about common risks associated with each method at https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008).
Read now
Unlock full access